(
The controversy over Hillary Clinton’s use of a private e-mail account while she was secretary of state has centered on whether she used it to send or receive classified messages. This focus obscures the larger question of whether Clinton’s setup affected the State Department’s compliance with the Freedom of Information Act and legal requirements for federal agencies to retain records, as well as myriad other questions about agencies’ information-management practices. Moreover, much of the commentary has been more confusing than illuminating, because it fundamentally misunderstands how the classification system works. Correct a handful of prevalent myths, and it’s clear that this aspect of the story reveals more about our nation’s dysfunctional system for managing official secrets than it does about Clinton.
1. Information can be “classified,” even if no one has classified it
2. It’s easy to figure out whether information has been classified.
3. Anything classified is sensitive.
4. Any mishandling of classified information is illegal.
5. Our classification system protects us from harm.
Many news reports and commentators have suggested that “information is classified by [its] nature” (as Sean Davis writes in the Federalist), even if no agency or official has classified it yet. These accounts treat “classified” as a quality rather than an action — one that is inherent, immutable and self-evident. If information is sensitive enough, it’s classified, no matter what.
When it comes to “original classification” — the initial decision to classify information — that portrayal is simply wrong. Under the executive order that governs classification, the 2,000-plus officials who have this authority “may” classify information if its disclosure reasonably could be expected to damage national security. The determination of harm is often highly subjective, and even if an official decides that disclosure would be harmful, he or she is not required to classify.
Information provided by foreign governments in confidence is different. The executive order cautions that the release of such information is “presumed” to harm national security; the rules provide that such information “must be classified.” There is a difference, however, between “must be classified” and “is classified.” After all, when an official receives information, its source and the circumstances of its disclosure may not be apparent. This category of information is not self-identifying, let alone self-classifying.
An official who transmits that information without classifying it has violated agency rules. But the recipient now possesses information that someone else should have classified — not classified information. (Of course, classifying the information, then sending it through unclassified channels to a private e-mail account also would be impermissible. E-mails released by the State Department show that some of Clinton’s correspondents dealt with this by asking to set up conversations over secure telephone lines.)